5905 matches found
CVE-2001-0122
Kernel leak in AfpaCache module of the Fast Response Cache Accelerator (FRCA) component of IBM HTTP Server 1.3.x and Websphere 3.52 allows remote attackers to cause a denial of service via a series of malformed HTTP requests that generate a "bad request" error...
CVE-2001-0925
The default installation of Apache before 1.3.19 allows remote attackers to list directories instead of the multiview index.html file via an HTTP request for a path that contains many / (slash) characters, which causes the path to be mishandled by (1) mod_negotiation, (2) mod_dir, or (3) mod_autoindex...
def-2001-10: Websweeper Infinite HTTP Request DoS
====================================================================== Defcom Labs Advisory def-2001-10 Websweeper Infinite HTTP Request DoS Author: Peter Gründl [email protected] Release Date: 2001-03-08 ======================================================================...
Baltimore Technologies WEBsweeper 4.0 - Denial of Service
Baltimore Technologies WEBsweeper 4.0 - Denial of Service // source: https://www.securityfocus.com/bid/2465/info Baltimore Technology WEBsweeper is subject to a denial of service condition. Submitting an unusually long HTTP request through WEBsweeper will cause the consumption of all available...
defcom.websphere.txt
====================================================================== Defcom Labs Advisory def-2001-02 IBM Websphere 3.52 Kernel Leak DoS Author: Peter Gründl Release Date: 2001-01-08 ====================================================================== ------------------------=Brief...
CVE-2000-1235
The default configurations of (1) the port listener and (2) modplsql in Oracle Internet Application Server (IAS) 3.0.7 and earlier allow remote attackers to view privileged database information via HTTP requests for Database Access Descriptor (DAD) files...
CVE-2000-1154
RHConsole in RobinHood 1.1 web server for BeOS r5 Pro and earlier is affected. Affected component: RHConsole/web server; vulnerability allows remote attackers to cause a denial of service via a long HTTP request. The description specifies DoS impact but provides no details on root cause, versions...
Disclosure of JSP source code with ServletExec AS v3.0c + web instance
Test environment ---------------- NT 4.0 SP6a IIS v4 Sun JDK v1.2.2.006 ServletExec AS v3.0C Vendor status Unify --------------------- Issue reported on October 27th to [email protected] Confirmation on November 2nd that the problem was reproduced Confirmation that the issue was forwarded t...
Unify eWave ServletExec 3 - .JSP Source Disclosure
source: https://www.securityfocus.com/bid/1970/info Unify eWave ServletExec is a Java/Java Servlet engine plug-in for major web servers such as Microsoft IIS, Apache, Netscape Enterprise Server, etc. ServletExec will return the source code of JSP files when an HTTP request is appended with one of...
Cisco Catalyst Web Interface Remote Command Execution
The remote device appears to be a Cisco Catalyst. It is possible to execute arbitrary commands on the router by requesting them via HTTP, as in : /exec/show/config/cr This command shows the configuration file, which contains passwords. A remote attacker could use this flaw to take control of the...
Microsoft IIS 4.0/5.0 - Executable File Parsing
Microsoft IIS 4.0/5.0 - Executable File Parsing source: https://www.securityfocus.com/bid/1912/info When Microsoft IIS receives a valid request for an executable file, the filename is then passed onto the underlying operating system which executes the file. In the event that IIS receives a special...
CVE-2000-0775
Buffer overflow in RobTex Viking server earlier than 1.06-370 allows remote attackers to cause a denial of service or execute arbitrary commands via a long HTTP GET request, or long Unless-Modified-Since, If-Range, or If-Modified-Since headers...
VIGILANTE-2000008.txt
NTMail Configuration Service DoS Advisory Code: VIGILANTE-2000008 Release Date: September 4, 2000 Systems Affected: - NTMail V5 Alpha Processor - NTMail V5 Intel Processor - NTMail V6 Alpha Processor - NTMail V6 Intel Processor THE PROBLEM The web configuration running on TCP port 8000 does not...
Microsoft IIS 2.0/3.0/4.0/5.0/5.1 - Internal IP Address Disclosure
source: https://www.securityfocus.com/bid/1499/info When a remote user attempts to access an area protected by basic authentication with no realm defined, while specifying HTTP 1.0, Microsoft IIS will return an Access Denied error message containing the internal IP address of the host. Even if II...
DoS against Real Server
With certain HTTP requests, the server stops functioning...
NTMail configuration utility works as a proxy server
Even with the proxy (port 8080) disabled, the NTMail configuration utility (port 8000) works as a proxy server, i.e. it forwards HTTP requests to other servers...
QuickCommerce 2.5/3.0 Cart32 2.5 a/3.0 Shop Express 1.0 StoreCreator 3.0 Web Shopping Cart - Hidden Form Field
QuickCommerce 2.5/3.0 Cart32 2.5 a/3.0 Shop Express 1.0 StoreCreator 3.0 Web Shopping Cart - Hidden Form Field E-Commerce Exchange QuickCommerce 2.5/3.0, McMurtrey/Whitaker & Associates Cart32 2.5 a/3.0, Shop Express 1.0, StoreCreator 3.0 Web Shopping Cart Hidden Form Field Vulnerability source:...
CVE-1999-0437
Remote attackers can perform a denial of service in WebRamp systems by sending a malicious string to the HTTP port...
ms-iis4-avoid-log.txt
Date: Fri, 22 Jan 1999 10:12:52 -0000 From: mnemonix To: [email protected] Subject: IIS 4 Request Logging Security Advisory There is a combination of problems with IIS 4 that allows a successful HTTP request to go unlogged. Microsoft's Internet Information Server 4 allows the use of any...
iis4.htr-2.pl
Re: Retina vs. IIS4, Round 2, KO Randal L. Schwartz [email protected] Tue, 15 Jun 1999 16:59:08 -0700 "Ryan" == Ryan R Permeh writes: Ryan !/usr/bin/perl Ryan props to the absu crew Ryan use Net::Telnet; Ryan for $i=2500;$i Ryan $obj=Net::Telnet-new Host = "$ARGV0",Port = 80; Ryan my $cmd =...